I have a basic php/mysql cms. When I go to save a textfield that contains the char "&" it seems to be updating the database with "&"I'm sure it suddenly started happening, could this be a mysql update or configuration issue or...?

Pullo
—
2012-12-13T13:29:06Z —
#2

Hi there,

This might be an encoding issue.

Let me understand your problem: You have a CMS.You enter text into your CMS (for example to update a page on your site).You save your changes.You look at your website and see that the & characters which you entered in the CMS are being displayed as &

Is that correct?

skyline
—
2012-12-13T13:39:56Z —
#3

No, it's the text that is actually updated to the database that is converted to the &The text field has "&", the updated table contains "&"

cpradio
—
2012-12-13T13:41:30Z —
#4

skyline said:

No, it's the text that is actually updated to the database that is converted to the &The text field has "&", the updated table contains "&"

Right, because the CMS is likely encoding it to be stored into the database. When it is read from the database, the & is the appropriate HTML entity for displaying purposes.

Granted, it is unnecessary to encode & in a database, but it is absolutely necessary to encode it when writing it as output for a user to see on your site.

r937
—
2012-12-13T13:48:28Z —
#5

skyline said:

..could this be a mysql update or configuration issue or...?

not mysql

likely a php function

skyline
—
2012-12-13T13:51:39Z —
#6

Thanks guys, I'll look into the php then... just wanted to rule out mysql. Strange how it's suddenly started happening, almost like a version update of php or mysql had triggered the change in processing

cpradio
—
2012-12-13T13:56:44Z —
#7

Have you recently upgraded the CMS? Could be part of the CMS upgrade. On a side note, I've asked that this thread be moved to the PHP forum.

skyline
—
2012-12-13T14:00:45Z —
#8

Homemade CMS! Tracked down the problem, htmlspecialchars being applied. Doh!

cpradio
—
2012-12-13T14:54:23Z —
#9

skyline said:

Homemade CMS! Tracked down the problem, htmlspecialchars being applied. Doh!

That would do it. It is true that you DO NOT need to do that when inserting into the database, but you SHOULD be doing that when you are writing the database values to the page for a user to see.